2011-12-22 16:19:25 +01:00
|
|
|
/*
|
|
|
|
|
* \brief Service management framework
|
|
|
|
|
* \author Norman Feske
|
|
|
|
|
* \date 2006-07-12
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
2013-01-10 21:44:47 +01:00
|
|
|
* Copyright (C) 2006-2013 Genode Labs GmbH
|
2011-12-22 16:19:25 +01:00
|
|
|
*
|
|
|
|
|
* This file is part of the Genode OS framework, which is distributed
|
|
|
|
|
* under the terms of the GNU General Public License version 2.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef _INCLUDE__BASE__SERVICE_H_
|
|
|
|
|
#define _INCLUDE__BASE__SERVICE_H_
|
|
|
|
|
|
|
|
|
|
#include <util/list.h>
|
|
|
|
|
#include <ram_session/client.h>
|
|
|
|
|
#include <base/env.h>
|
2016-11-06 14:26:34 +01:00
|
|
|
#include <base/session_state.h>
|
|
|
|
|
#include <base/log.h>
|
|
|
|
|
#include <base/registry.h>
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
|
namespace Genode {
|
|
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
class Service;
|
2016-11-06 14:26:34 +01:00
|
|
|
template <typename> class Session_factory;
|
|
|
|
|
template <typename> class Local_service;
|
2015-03-04 21:12:14 +01:00
|
|
|
class Parent_service;
|
|
|
|
|
class Child_service;
|
|
|
|
|
}
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
class Genode::Service : Noncopyable
|
2015-03-04 21:12:14 +01:00
|
|
|
{
|
|
|
|
|
public:
|
2011-12-22 16:19:25 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
typedef Session_state::Name Name;
|
2011-12-22 16:19:25 +01:00
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
private:
|
|
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
Name const _name;
|
|
|
|
|
Ram_session_capability const _ram;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
protected:
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
typedef Session_state::Factory Factory;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-11-06 14:26:34 +01:00
|
|
|
* Return factory to use for creating 'Session_state' objects
|
2015-03-04 21:12:14 +01:00
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
virtual Factory &_factory(Factory &client_factory) { return client_factory; }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
|
|
/*********************
|
|
|
|
|
** Exception types **
|
|
|
|
|
*********************/
|
|
|
|
|
|
|
|
|
|
class Invalid_args { };
|
|
|
|
|
class Unavailable { };
|
|
|
|
|
class Quota_exceeded { };
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Constructor
|
|
|
|
|
*
|
|
|
|
|
* \param name service name
|
2016-11-06 14:26:34 +01:00
|
|
|
* \param ram RAM session to receive/withdraw session quota
|
2015-03-04 21:12:14 +01:00
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
Service(Name const &name, Ram_session_capability ram)
|
|
|
|
|
: _name(name), _ram(ram) { }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
virtual ~Service() { }
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Return service name
|
|
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
Name const &name() const { return _name; }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-11-06 14:26:34 +01:00
|
|
|
* Create new session-state object
|
2015-03-04 21:12:14 +01:00
|
|
|
*
|
2016-11-06 14:26:34 +01:00
|
|
|
* The 'service' argument for the 'Session_state' corresponds to this
|
|
|
|
|
* session state. All subsequent 'Session_state' arguments correspond
|
|
|
|
|
* to the forwarded 'args'.
|
2015-03-04 21:12:14 +01:00
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
template <typename... ARGS>
|
|
|
|
|
Session_state &create_session(Factory &client_factory, ARGS &&... args)
|
|
|
|
|
{
|
|
|
|
|
return _factory(client_factory).create(*this, args...);
|
|
|
|
|
}
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-11-06 14:26:34 +01:00
|
|
|
* Attempt the immediate (synchronous) creation of a session
|
|
|
|
|
*
|
|
|
|
|
* Sessions to local services and parent services are usually created
|
|
|
|
|
* immediately during the dispatching of the 'Parent::session' request.
|
|
|
|
|
* In these cases, it is not needed to wait for an asynchronous
|
|
|
|
|
* response.
|
2015-03-04 21:12:14 +01:00
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
virtual void initiate_request(Session_state &session) = 0;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-11-06 14:26:34 +01:00
|
|
|
* Wake up service to query session requests
|
2015-03-04 21:12:14 +01:00
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
virtual void wakeup() { }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Return the RAM session to be used for trading resources
|
|
|
|
|
*/
|
2017-02-19 21:40:52 +01:00
|
|
|
virtual Ram_session_capability ram() const { return _ram; }
|
2015-03-04 21:12:14 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Representation of a locally implemented service
|
|
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
template <typename SESSION>
|
2015-03-04 21:12:14 +01:00
|
|
|
class Genode::Local_service : public Service
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
struct Factory
|
2015-03-04 21:12:14 +01:00
|
|
|
{
|
2016-11-06 14:26:34 +01:00
|
|
|
typedef Session_state::Args Args;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
class Denied : Exception { };
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
/**
|
base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.
In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping
Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.
For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-19 10:31:50 +01:00
|
|
|
* Create session
|
|
|
|
|
*
|
2016-11-06 14:26:34 +01:00
|
|
|
* \throw Denied
|
base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.
In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping
Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.
For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-19 10:31:50 +01:00
|
|
|
* \throw Quota_exceeded
|
2016-11-06 14:26:34 +01:00
|
|
|
*/
|
|
|
|
|
virtual SESSION &create(Args const &, Affinity) = 0;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
virtual void upgrade(SESSION &, Args const &) = 0;
|
|
|
|
|
virtual void destroy(SESSION &) = 0;
|
|
|
|
|
};
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
/**
|
|
|
|
|
* Factory of a local service that provides a single static session
|
|
|
|
|
*/
|
|
|
|
|
class Single_session_factory : public Factory
|
|
|
|
|
{
|
|
|
|
|
private:
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
typedef Session_state::Args Args;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
SESSION &_s;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
public:
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
Single_session_factory(SESSION &session) : _s(session) { }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
SESSION &create (Args const &, Affinity) override { return _s; }
|
|
|
|
|
void upgrade (SESSION &, Args const &) override { }
|
|
|
|
|
void destroy (SESSION &) override { }
|
|
|
|
|
};
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
Factory &_factory;
|
|
|
|
|
|
|
|
|
|
template <typename FUNC>
|
|
|
|
|
void _apply_to_rpc_obj(Session_state &session, FUNC const &fn)
|
|
|
|
|
{
|
|
|
|
|
SESSION *rpc_obj = dynamic_cast<SESSION *>(session.local_ptr);
|
|
|
|
|
|
|
|
|
|
if (rpc_obj)
|
|
|
|
|
fn(*rpc_obj);
|
|
|
|
|
else
|
|
|
|
|
warning("local ", SESSION::service_name(), " session "
|
|
|
|
|
"(", session.args(), ") has no valid RPC object");
|
|
|
|
|
}
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Constructor
|
|
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
Local_service(Factory &factory)
|
|
|
|
|
:
|
|
|
|
|
Service(SESSION::service_name(), Ram_session_capability()),
|
|
|
|
|
_factory(factory)
|
|
|
|
|
{ }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
void initiate_request(Session_state &session) override
|
2015-03-04 21:12:14 +01:00
|
|
|
{
|
2016-11-06 14:26:34 +01:00
|
|
|
switch (session.phase) {
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
case Session_state::CREATE_REQUESTED:
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
try {
|
2017-02-14 17:38:09 +01:00
|
|
|
SESSION &rpc_obj = _factory.create(Session_state::Server_args(session).string(),
|
2016-11-06 14:26:34 +01:00
|
|
|
session.affinity());
|
|
|
|
|
session.local_ptr = &rpc_obj;
|
|
|
|
|
session.cap = rpc_obj.cap();
|
|
|
|
|
session.phase = Session_state::AVAILABLE;
|
|
|
|
|
}
|
|
|
|
|
catch (typename Factory::Denied) {
|
|
|
|
|
session.phase = Session_state::INVALID_ARGS; }
|
base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.
In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping
Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.
For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-19 10:31:50 +01:00
|
|
|
catch (Quota_exceeded) {
|
|
|
|
|
session.phase = Session_state::QUOTA_EXCEEDED; }
|
2016-11-06 14:26:34 +01:00
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case Session_state::UPGRADE_REQUESTED:
|
|
|
|
|
{
|
|
|
|
|
String<64> const args("ram_quota=", session.ram_upgrade);
|
|
|
|
|
|
|
|
|
|
_apply_to_rpc_obj(session, [&] (SESSION &rpc_obj) {
|
|
|
|
|
_factory.upgrade(rpc_obj, args.string()); });
|
|
|
|
|
|
|
|
|
|
session.phase = Session_state::CAP_HANDED_OUT;
|
|
|
|
|
session.confirm_ram_upgrade();
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case Session_state::CLOSE_REQUESTED:
|
|
|
|
|
{
|
|
|
|
|
_apply_to_rpc_obj(session, [&] (SESSION &rpc_obj) {
|
|
|
|
|
_factory.destroy(rpc_obj); });
|
|
|
|
|
|
|
|
|
|
session.phase = Session_state::CLOSED;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case Session_state::INVALID_ARGS:
|
base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.
In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping
Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.
For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-19 10:31:50 +01:00
|
|
|
case Session_state::QUOTA_EXCEEDED:
|
2016-11-06 14:26:34 +01:00
|
|
|
case Session_state::AVAILABLE:
|
|
|
|
|
case Session_state::CAP_HANDED_OUT:
|
|
|
|
|
case Session_state::CLOSED:
|
|
|
|
|
break;
|
|
|
|
|
}
|
2015-03-04 21:12:14 +01:00
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2016-11-06 14:26:34 +01:00
|
|
|
* Representation of a service provided by our parent
|
2015-03-04 21:12:14 +01:00
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
class Genode::Parent_service : public Service
|
2015-03-04 21:12:14 +01:00
|
|
|
{
|
2016-11-06 14:26:34 +01:00
|
|
|
private:
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
/*
|
|
|
|
|
* \deprecated
|
|
|
|
|
*/
|
|
|
|
|
Env &_env_deprecated();
|
|
|
|
|
Env &_env;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
|
|
/**
|
2016-11-06 14:26:34 +01:00
|
|
|
* Constructor
|
2015-03-04 21:12:14 +01:00
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
Parent_service(Env &env, Service::Name const &name)
|
|
|
|
|
: Service(name, Ram_session_capability()), _env(env) { }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-11-06 14:26:34 +01:00
|
|
|
* Constructor
|
2015-03-04 21:12:14 +01:00
|
|
|
*
|
2016-11-06 14:26:34 +01:00
|
|
|
* \deprecated
|
2015-03-04 21:12:14 +01:00
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
Parent_service(Service::Name const &name)
|
|
|
|
|
: Service(name, Ram_session_capability()), _env(_env_deprecated()) { }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
void initiate_request(Session_state &session) override
|
2015-03-04 21:12:14 +01:00
|
|
|
{
|
2016-11-06 14:26:34 +01:00
|
|
|
switch (session.phase) {
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
case Session_state::CREATE_REQUESTED:
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
session.id_at_parent.construct(session.parent_client,
|
|
|
|
|
_env.id_space());
|
|
|
|
|
try {
|
2017-02-14 17:38:09 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
session.cap = _env.session(name().string(),
|
|
|
|
|
session.id_at_parent->id(),
|
2017-02-14 17:38:09 +01:00
|
|
|
Session_state::Server_args(session).string(),
|
2016-11-06 14:26:34 +01:00
|
|
|
session.affinity());
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
session.phase = Session_state::AVAILABLE;
|
|
|
|
|
}
|
|
|
|
|
catch (Parent::Quota_exceeded) {
|
|
|
|
|
session.id_at_parent.destruct();
|
|
|
|
|
session.phase = Session_state::INVALID_ARGS; }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
catch (Parent::Service_denied) {
|
|
|
|
|
session.id_at_parent.destruct();
|
|
|
|
|
session.phase = Session_state::INVALID_ARGS; }
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
break;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
case Session_state::UPGRADE_REQUESTED:
|
|
|
|
|
{
|
|
|
|
|
String<64> const args("ram_quota=", session.ram_upgrade);
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
if (!session.id_at_parent.constructed())
|
|
|
|
|
error("invalid parent-session state: ", session);
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
try {
|
2016-11-06 14:26:34 +01:00
|
|
|
_env.upgrade(session.id_at_parent->id(), args.string()); }
|
|
|
|
|
catch (Parent::Quota_exceeded) {
|
|
|
|
|
warning("quota exceeded while upgrading parent session"); }
|
|
|
|
|
|
|
|
|
|
session.confirm_ram_upgrade();
|
|
|
|
|
session.phase = Session_state::CAP_HANDED_OUT;
|
2015-03-04 21:12:14 +01:00
|
|
|
}
|
2016-11-06 14:26:34 +01:00
|
|
|
break;
|
2011-12-22 16:19:25 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
case Session_state::CLOSE_REQUESTED:
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
if (session.id_at_parent.constructed())
|
|
|
|
|
_env.close(session.id_at_parent->id());
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
session.id_at_parent.destruct();
|
|
|
|
|
session.phase = Session_state::CLOSED;
|
|
|
|
|
break;
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
case Session_state::INVALID_ARGS:
|
base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.
In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping
Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.
For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-19 10:31:50 +01:00
|
|
|
case Session_state::QUOTA_EXCEEDED:
|
2016-11-06 14:26:34 +01:00
|
|
|
case Session_state::AVAILABLE:
|
|
|
|
|
case Session_state::CAP_HANDED_OUT:
|
|
|
|
|
case Session_state::CLOSED:
|
|
|
|
|
break;
|
|
|
|
|
}
|
2015-03-04 21:12:14 +01:00
|
|
|
}
|
2016-11-06 14:26:34 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Representation of a service that is implemented in a child
|
|
|
|
|
*/
|
|
|
|
|
class Genode::Child_service : public Service
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
|
|
struct Wakeup { virtual void wakeup_child_service() = 0; };
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
|
|
|
|
|
Id_space<Parent::Server> &_server_id_space;
|
|
|
|
|
|
|
|
|
|
Session_state::Factory &_server_factory;
|
|
|
|
|
|
|
|
|
|
Wakeup &_wakeup;
|
|
|
|
|
|
|
|
|
|
protected:
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* In contrast to local services and parent services, session-state
|
|
|
|
|
* objects for child services are owned by the server. This enables
|
base: apply routing policy to environment sessions
This patch changes the child-construction procedure to allow the routing
of environment sessions to arbitrary servers, not only to the parent.
In particular, it restores the ability to route the LOG session of the
child to a LOG service provided by a child of init. In principle, it
becomes possible to also route the immediate child's PD, CPU, and RAM
environment sessions in arbitrary ways, which simplifies scenarios that
intercept those sessions, e.g., the CPU sampler.
Note that the latter ability should be used with great caution because
init needs to interact with these sessions to create/destruct the child.
Normally, the sessions are provided by the parent. So init is safe at
all times. If they are routed to a child however, init will naturally
become dependent on this particular child. For the LOG session, this is
actually not a problem because even though the parent creates the LOG
session as part of the child's environment, it never interacts with the
session directly.
Fixes #2197
2016-12-12 17:40:55 +01:00
|
|
|
* the server to asynchronously respond to close requests when the
|
2016-11-06 14:26:34 +01:00
|
|
|
* client is already gone.
|
|
|
|
|
*/
|
|
|
|
|
Factory &_factory(Factory &) override { return _server_factory; }
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
|
|
|
|
|
/**
|
2016-11-06 14:26:34 +01:00
|
|
|
* Constructor
|
|
|
|
|
*
|
|
|
|
|
* \param factory server-side session-state factory
|
|
|
|
|
* \param name name of service
|
|
|
|
|
* \param ram recipient of session quota
|
|
|
|
|
* \param wakeup callback to be notified on the arrival of new
|
|
|
|
|
* session requests
|
2015-03-04 21:12:14 +01:00
|
|
|
*
|
|
|
|
|
*/
|
2016-11-06 14:26:34 +01:00
|
|
|
Child_service(Id_space<Parent::Server> &server_id_space,
|
|
|
|
|
Session_state::Factory &factory,
|
|
|
|
|
Service::Name const &name,
|
|
|
|
|
Ram_session_capability ram,
|
|
|
|
|
Wakeup &wakeup)
|
|
|
|
|
:
|
|
|
|
|
Service(name, ram),
|
|
|
|
|
_server_id_space(server_id_space),
|
|
|
|
|
_server_factory(factory), _wakeup(wakeup)
|
|
|
|
|
{ }
|
|
|
|
|
|
|
|
|
|
void initiate_request(Session_state &session) override
|
2015-03-04 21:12:14 +01:00
|
|
|
{
|
2016-11-06 14:26:34 +01:00
|
|
|
if (!session.id_at_server.constructed())
|
|
|
|
|
session.id_at_server.construct(session, _server_id_space);
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
session.async_client_notify = true;
|
|
|
|
|
}
|
2015-03-04 21:12:14 +01:00
|
|
|
|
2016-11-06 14:26:34 +01:00
|
|
|
bool has_id_space(Id_space<Parent::Server> const &id_space) const
|
2015-03-04 21:12:14 +01:00
|
|
|
{
|
2016-11-06 14:26:34 +01:00
|
|
|
return &_server_id_space == &id_space;
|
2015-03-04 21:12:14 +01:00
|
|
|
}
|
2016-11-06 14:26:34 +01:00
|
|
|
|
|
|
|
|
void wakeup() override { _wakeup.wakeup_child_service(); }
|
2015-03-04 21:12:14 +01:00
|
|
|
};
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
|
#endif /* _INCLUDE__BASE__SERVICE_H_ */
|
